On Wed, Jul 23, 2014 at 08:26:39AM -0700, Bryan Call wrote: > > Below is our announcement for the security issue reported to us from > Yahoo! Japan. All versions of Apache Traffic Server are vulnerable.
Is there any information available about this problem, so that we can make a judgement on criticality of the upgrade? Any reason to believe a properly firewalled trafficserver (only incoming 80/tcp and 443/tcp allowed) should be remotely exploitable? Thanks! -jf